Adobe Flash Vulnerability being used by Ransomware in Malvertising

Last Update Date: 24 Oct 2014 12:08 Release Date: 24 Oct 2014 4728 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Attacks - Malware

TYPE: Malware

Security researchers at Proofpoint discovered CryptoWall 2.0 ransomware used malvertising# to infect the computers with outdated Adobe flash players running on Windows.

 

Without having to click on anything, visitors to the impacted websites which serve Adobe Flash enabled embedded advertisement may be stealthily infected with the ransomware which exploits the vulnerability of Adobe flash players (CVE-2014-0556). The impacted websites, including various service pages in the Yahoo, Match.com, and AOL domains, etc, potentially reaching as many as 3 million visitors per day. Similar to the behaviour of other ransomware, CryptoWall encrypts the files in the infected computers and demands the victims paying ransom in exchange of the encryption keys.

 

#What is Malverstising? 

Malvertising (from "malicious advertising") attacks use online advertising channels to infiltrate malware into the computers of unsuspecting users by embedding malicious code within advertisements on legitimate websites.

 

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Adobe Flash Player 14.0.0.179 and prior running on Windows
  • Adobe Flash Player ESR 13.0.0.241 and prior running on Windows
 

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to a fixed version.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apple TV Multiple Vulnerabilities

22 Oct 2014 2967 Views

Next

IBM Lotus Notes / Domino Java Multiple Vulnerabilities

27 Oct 2014 3118 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY